From: Holger Macht <holger@homac.de>
To: Hillf Danton <dhillf@gmail.com>
Cc: Hugh Dickins <hughd@google.com>, Matthew Garrett <mjg@redhat.com>,
Jeff Garzik <jgarzik@redhat.com>,
Stephen Rothwell <sfr@canb.auug.org.au>,
linux-kernel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: linux-next: dock_link_device is oopsy
Date: Sat, 18 Feb 2012 15:04:49 +0100 [thread overview]
Message-ID: <20120218140449.GA2558@homac.suse.de> (raw)
In-Reply-To: <CAJd=RBAhnsuP4+pRS=MLyOaqx8O1gOR30bcoZC0Owabh1-1nzA@mail.gmail.com>
On Sa 18. Feb - 21:37:18, Hillf Danton wrote:
> On Sat, Feb 18, 2012 at 9:26 PM, Holger Macht <holger@homac.de> wrote:
> Hi Holger
>
> Lets check the following snippet from what you posted,
>
> > @@ -320,12 +324,17 @@ EXPORT_SYMBOL_GPL(dock_link_device);
> > */
> > struct device **dock_unlink_device(acpi_handle handle)
> > {
> > - struct device *dev = acpi_get_physical_device(handle);
> > + struct device *dev;
> > struct dock_station *dock_station;
> > int dock = 0;
> > - struct device **devices =
> > - kmalloc(dock_station_count * sizeof(struct device *),
> > - GFP_KERNEL);
> > + struct device **devices;
> > +
> > + if (!dock_station_count)
> > + return NULL;
> > +
> > + dev = acpi_get_physical_device(handle);
> > + devices = kmalloc(dock_station_count * sizeof(struct device *),
> > + GFP_KERNEL);
> >
> > if (!dev)
> > return NULL; <=== here return without freeing the newly
> allocated devices after checking
> dock_station_count is not zero
How about that one?
acpi: Bail out when linking devices and there are no dock stations
If dock_station_count is zero, we allocate zero memory and don't check
this at future references. So bail out if there are actually no dock
stations. Fix some possible memory leaks on the way.
Signed-off-by: Holger Macht <holger@homac.de>
---
drivers/acpi/dock.c | 23 ++++++++++++++++-------
1 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/drivers/acpi/dock.c b/drivers/acpi/dock.c
index b5e4142..b2e8730 100644
--- a/drivers/acpi/dock.c
+++ b/drivers/acpi/dock.c
@@ -281,14 +281,15 @@ EXPORT_SYMBOL_GPL(is_dock_device);
*/
struct device **dock_link_device(acpi_handle handle)
{
- struct device *dev = acpi_get_physical_device(handle);
+ struct device *dev;
struct dock_station *dock_station;
int ret, dock = 0;
struct device **devices;
- devices = kmalloc(dock_station_count * sizeof(struct device *),
- GFP_KERNEL);
+ if (!dock_station_count)
+ return NULL;
+ dev = acpi_get_physical_device(handle);
if (!dev)
return NULL;
@@ -297,6 +298,9 @@ struct device **dock_link_device(acpi_handle handle)
return NULL;
}
+ devices = kmalloc(dock_station_count * sizeof(struct device *),
+ GFP_KERNEL);
+
list_for_each_entry(dock_station, &dock_stations, sibling) {
if (find_dock_dependent_device(dock_station, handle)) {
ret = sysfs_create_link(&dock_station->dock_device->dev.kobj,
@@ -320,13 +324,15 @@ EXPORT_SYMBOL_GPL(dock_link_device);
*/
struct device **dock_unlink_device(acpi_handle handle)
{
- struct device *dev = acpi_get_physical_device(handle);
+ struct device *dev;
struct dock_station *dock_station;
int dock = 0;
- struct device **devices =
- kmalloc(dock_station_count * sizeof(struct device *),
- GFP_KERNEL);
+ struct device **devices;
+
+ if (!dock_station_count)
+ return NULL;
+ dev = acpi_get_physical_device(handle);
if (!dev)
return NULL;
@@ -335,6 +341,9 @@ struct device **dock_unlink_device(acpi_handle handle)
return NULL;
}
+ devices = kmalloc(dock_station_count * sizeof(struct device *),
+ GFP_KERNEL);
+
list_for_each_entry(dock_station, &dock_stations, sibling) {
if (find_dock_dependent_device(dock_station, handle)) {
sysfs_remove_link(&dock_station->dock_device->dev.kobj,
--
1.7.7
next prev parent reply other threads:[~2012-02-18 14:04 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-17 21:46 linux-next: dock_link_device is oopsy Hugh Dickins
2012-02-17 22:29 ` Holger Macht
2012-02-17 22:42 ` Hugh Dickins
2012-02-17 23:01 ` Holger Macht
2012-02-17 23:49 ` Hugh Dickins
2012-02-18 11:14 ` Holger Macht
2012-02-18 13:05 ` Hillf Danton
2012-02-18 13:26 ` Holger Macht
2012-02-18 13:37 ` Hillf Danton
2012-02-18 14:04 ` Holger Macht [this message]
2012-02-18 14:35 ` Hillf Danton
2012-02-18 18:46 ` Hugh Dickins
2012-02-18 19:57 ` Holger Macht
2012-02-18 21:03 ` Hugh Dickins
2012-02-18 21:50 ` Holger Macht
2012-02-21 22:24 ` Jeff Garzik
2012-02-21 22:30 ` Holger Macht
2012-02-18 7:52 ` Hugh Dickins
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120218140449.GA2558@homac.suse.de \
--to=holger@homac.de \
--cc=akpm@linux-foundation.org \
--cc=dhillf@gmail.com \
--cc=hughd@google.com \
--cc=jgarzik@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mjg@redhat.com \
--cc=sfr@canb.auug.org.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox